Stridium Cybersecurity Advisors gives an insightful lesson on cyber threats facing countless entities today and a few tips on how not to become a victim.
Studies have shown that more than 60 percent of data breaches now target small businesses. There are a number of reasons that small businesses make an attractive target to those with malicious intent. Some of the main reasons include:
- They tend to have valuable data. Many small businesses collect information that hackers can sell online via the dark web (online portals where digital contraband is made available for sale). This data can include customer information, or Personally Identifiable Information (PII), credit card data, or patient health records. It may also take the form of some kind of intellectual property or “secret sauce” that gives the business a strategic advantage in the marketplace (e.g. formulas, recipes, designs, strategic plans, etc.)
- They are more willing to pay a ransom. Because small businesses are often less prepared to avoid the negative consequences of a ransomware attack (typically an organization’s critical data files are encrypted and thus made unavailable), they will often comply with a hacker’s demand for payment to restore their access to critical systems data so they can resume business quickly.
- They often can provide access to the systems of business partners. Though larger organizations tend to be more protected, the access granted to small business partners often is not, making them a weak link in their cybersecurity defenses. Hackers can exploit this access to attack the business partners’ systems and data. These partner businesses may be other small businesses, but also can be mid-tiers and large enterprise organizations.
- They typically lack adequate cyber defenses. Small businesses typically lack both the resources and expertise to provide sufficiently strong cyber security, making them easy targets for most hackers. Many small businesses neglect to think about protecting the systems and data on which their business relies until it is too late, though even a small monthly investment may have protected them.
So what can small businesses do to protect themselves? There is an old saying that you don’t have to be faster than the bear that is chasing you, you just need to be faster than the other guy running away from it. Fortunately, there are some fairly easy steps that will make it more difficult for hackers to breach your cyber defenses, and cause them to move on to easier prey:
- Keep your sensitive data protected. With a little planning, it’s not hard to reduce your sensitive data footprint and provide adequate protection to this information, making your business a much smaller target to those with bad intent.
- Be prepared for a cyber incident. Small businesses that have developed an Incident Response Plan and perform regular backups of critical data to offsite protected storage are less likely to need to make ransomware payments to retrieve their data (which may or may not result in access being restored).
- Understand and reduce risks to business partner access. Perform a risk assessment of your systems that will highlight any risks where your business connects to others, such as online portals, point-of-sale systems, and network or modem access to systems (e.g. an HVAC system) and implement recommended security measures to mitigate this risk.
- Hire a third-party cyber security firm. Even if you lack security resources and expertise, you can augment your defenses by hiring a third-party cyber security firm to recommend and implement adequate security measures using on-demand resourcing. This firm will manage your cyber security program and be available to interact with any security-related requests from clients, regulators or business partners who want to know how you intend to protect information they may share with you.
Small businesses that are willing to address their cyber security risk can implement cost-effective measures to protect themselves, the sensitive information they collect, and the business partners’ systems and data with which they interact. Small but carefully planned efforts in this critical area can help ensure business-as-usual, while neglecting it can result in an end-of-business scenario or a loss of business opportunity (e.g. customers and/or business partners).